Lucene search

LenovoCVELIST:CVE-2022-3701

HistoryOct 27, 2023 - 7:38 p.m.

CVE-2022-3701

2023-10-2719:38:49

CWE-367

lenovo

www.cve.org

lenovo vantage

privilege elevation

vulnerability

local attacker

arbitrary code

elevated privileges

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Vantage SystemUpdate Plugin",
    "vendor": "Lenovo",
    "versions": [
      {
        "lessThan": "2.0.0.213",
        "status": "affected",
        "version": " ",
        "versionType": "custom"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-94532

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-3701